FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php.
References
| Link | Resource |
|---|---|
| https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/ | Exploit |
| https://sorcery.ie | Not Applicable |
| https://themeforest.net/user/fieldthemes | Product |
| https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/ | Exploit |
| https://sorcery.ie | Not Applicable |
| https://themeforest.net/user/fieldthemes | Product |
Configurations
History
21 Nov 2024, 08:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/ - Exploit | |
| References | () https://sorcery.ie - Not Applicable | |
| References | () https://themeforest.net/user/fieldthemes - Product |
12 Sep 2023, 12:59
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-79 | |
| First Time |
Fieldthemes
Fieldthemes fieldpopupnewsletter |
|
| CPE | cpe:2.3:a:fieldthemes:fieldpopupnewsletter:1.0.0:*:*:*:*:prestashop:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
| References | (MISC) https://themeforest.net/user/fieldthemes - Product | |
| References | (MISC) https://sorcery.ie - Not Applicable | |
| References | (MISC) https://blog.sorcery.ie/posts/fieldpopupnewsletter_xss/ - Exploit |
11 Sep 2023, 09:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary | FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. |
08 Sep 2023, 14:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-09-08 14:15
Updated : 2024-11-21 08:15
NVD link : CVE-2023-39676
Mitre link : CVE-2023-39676
CVE.ORG link : CVE-2023-39676
JSON object : View
Products Affected
fieldthemes
- fieldpopupnewsletter
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')